CHAPTER 5 IMPLEMENTATION AND TESTING

5.1 Implementation Linux Installation

1. According to illustration 5.1 the first step is select the language to install linux. And then create a partition for the linux operating system that will be installed. The partition that will be used in the installation of linux is the swap partition and partition/.

2. According to illustration 5.2 The next step is select the location to determine the timezone in linux. And then select the keyboard layout is used.

3. According to illustration 5.3 the next step is to create a username and password to login to a linux operating system that has been installed. After that the linux installation process will start.

4. According to illustration 5.4 After the installation process is complete restart the computer that has been installed linux. After that login with username and passsword that have been created.

10 11

Illustration 5.1 Display To Select The Language To Install Linux And Create Patition.

Illustration 5.2 Display To Select Timezone And Keyboard Layout. 12

Illustration 5.3 Display To Create User And Password And Installation Process

Illustration 5.4 Linux Installation Is Complete. ISP Config Installation

1. Open the terminal and sign in as user root.

sudo su

2. The next step was to reconfigure the dpkg and select no to use the dash as the default system shell in the bin/sh directory. 13

Illustration 5.5 Reconfigure Dpkg. 3. Disable apparmor.

service apparmor stop

update-rc.d -f apparmor remove

And Remove Apparmor

apt-get remove apparmor apparmor-utils

Apparmor is a linux security system that can interfere with the installation in the isp config. Apparmor is equal to Selinux which is owned by redhat linux.

4. Installing network time protocol.

apt-get -y install ntp ntpdate

To set on a system clock with an NTP through internet network when running the server.

5. install e-mail server, MariaDB server, dan Rootkit Hunter.

apt-get install rkhunter openssl getmail4 binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo postfix postfix-mysql postfix-doc mariadb-client mariadb-server 14

6. Configure the type of email to use and enter the system's email name. Type of email used is internet site because this type of email can be accessed through web broswer via a computer network. While the name of the email system is the hostname entered is already created when installing linux.

Illustration 5.6 Display To Choose The Type Of E-mail To Be Used.

Illustration 5.7 Input System Mail Name. 7. Then edit the configuration file postfix in the directory/etc/postfix/master.cf.

nano /etc/postfix/master.cf 15

This configuration is used to enable the SMTP port used to send the e- mail. Uncomment on:

submission inet n - - - - smtpd

-o syslog_name=postfix/submission

-o smtpd_tls_security_level=encrypt

-o smtpd_sasl_auth_enable=yes

smtps inet n - - - - smtpd

-o syslog_name=postfix/smtps

-o smtpd_tls_wrappermode=yes

-o smtpd_sasl_auth_enable=yes

SASL itself useful for the security of the user when login using Roundcube. Then change the at-o smtpd_client_restrictions becomes

-o smtpd_client_restrictions = permit_sassl_authenticated, rejects.

This aim as a restriction permission to login to the account email server t hat has created and match the right username and password used to log what is appropriate or not.

8. After the configuration above, the next step is to restart the postfix to run postfix configuration.

service postfix restart

9. Before installing mysql server to do is edit the mysql configuration file.

nano /etc/postfix/master.cf

Uncomment on :

bind address = 127.0.0.1

this aim so that mysql can be accessed online viai ISP Config. 16

10. Then install the mysql server and the mysql server configuration use:

mysql_secure_installation

The configuration of the mysql server in the form of filling the root password that will be used to login to the mysql server, remove the anonymous user so that people who do not have a user account cannot login, root login remotely in order to disallow mysql can be accessed by way of connect to the server and run mysqlnya a command to access the database, delete the test database, and reload privilege table now. All this configuration is used in order for the existing database in mysql be safe

Enter current password for root (enter for none): <-- press enter

Set root password? [Y/n] y

New password: <-- 12345

Re-enter new password: <-- 12345

Remove anonymous users? [Y/n] <-- y

Disallow root login remotely? [Y/n] <-- y

Reload privilege tables now? [Y/n] <-- y

11. Then Restart Mysql server service

service mysql restart

12. The next step is installing spamasssin and clamcav with:

apt-get install spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket- ssl-perl libnet-ident-perl zip libnet-dns-perl postgrey

13. Disable spamassasin.

service spamassassin stop 17

update-rc.d -f spamassassin remove

Because the ISP config will call spamassasin when needed.

14. Install PHP Myadmin, apache web server, and PHP 7.0.

apt-get install apache2 apache2-doc apache2-utils libapache2-mod- php php7.0 php7.0-common php7.0-gd php7.0-mysql php7.0-imap phpmyadmin php7.0-cli php7.0-cgi libapache2-mod-fcgid apache2- suexec-pristine php-pear php-auth php7.0-mcrypt mcrypt imagemagick libruby libapache2-mod-python php7.0-curl php7.0-intl php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0- xmlrpc php7.0-xsl memcached php-memcache php-imagick php- gettext php7.0-zip php7.0-mbstring

15. PHP Myadmin Configuration. Configuration of choosing a web server that will be used for PHP Myadmin, and set the password mysql application in PHP Myadmin. The created password will be used to login to the Myadmin PHP page by using the root user. The web server to be used by PHP Myadmin uses apache 2.

Illustration 5.8 The display For Select Webserver. 18

Illustration 5.9 Input PHP MyAdmin Password. 16. Then run the suexec rewrite ssl actions file include cgi in the Apache 2 directory.

a2enmod suexec rewrite ssl actions include cgi

The purpose of running this configuration is to write the certificate to be used by the ISP config as its security system.

17. After that run the configuration file also dav_fs auth_digest dav headers that are in the directory of apache2.

a2enmod dav_fs dav auth_digest headers

The purpose of running this Setup is so that the user can manage website files on the server.

18. Add a new configuration file with the name httproxy. conf in directory/etc/apache2/conf-available/.

nano /etc/apache2/conf-available/httpoxy.conf

The contents of the file are httproxy RequestHeader unset the Proxy early.

RequestHeader unset Proxy early 19

Because with the httproxy.conf configuration file will overcome the attack by exploiting the deployment via HTTP Proxy that can change the url. then execute the config file httpoxy.

a2enconf httpoxy

19. Restart Service Apache2.

service apache2 restart

20. Edit the mimetypes file in /etc/ directory.

nano /etc/mime.types

And uncomment on application / x-ruby rb.

#application/x-ruby

This configuration is intended to allow the ISP config to grant permissions for each user logged in to the ISP config page.

21. Restart Apache2 service.

service apache2 restart

22. Install PHP Opcode Cache & PHP-FPM.

apt-get install php7.0-opcache php-apcu libapache2-mod-fastcgi php7.0-fpm

23. Then run the configuration file actions fastcgi alias.

a2enmod actions fastcgi alias

This configuratio is required to make the process of opening the website faster.

24. Restart apache2 service.

service apache2 restart

25. Install let's encrypt. 20

apt-get -y install letsencrypt

This software is useful to encrypt the SSL certificate that has been created and will be used for ISP config.

26. Install PureFTPd & Quota.

apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool

27. Then edit the pure-ftpd-common configuration file in /etc/default/ directory.

nano /etc/default/pure-ftpd-common

And change virtualchroot to true.

VIRTUALCHROOT=true

This configuration is required for each user who will have their own directory which is like a directory / which can later be accessed by filezilla.

28. Then change the number on TLS in the / etc / pure-ftpd / conf / TLS directory to .

echo 1 > /etc/pure-ftpd/conf/TLS

The configuration is intended to enable TLS as an encryption which will then be used to login to the FTP user that has been created with the ISP config.

29. The next step is to create a parent directory.

mkdir -p /etc/ssl/private/

To save SSL keys that will be created later.

30. Then create an SSL certificate that has a validity period of up to 7300 days. 21

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Open SSL itself is useful for encrypting the process of sending data from server to client or client to server.

31. Then fill in the SSL certificate by entering the country code, province name, city name, organization name, organization unit name, hostname on server, and e-mail address.

Country Name (2 letter code) [AU]: <-- ID.

State or Province Name (full name) [Some-State]: <-- Jawa tengah.

Locality Name (eg, city) []: <-- Semarang.

Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Quantum

Organizational Unit Name (eg, section) []: <-- Quantum

Common Name (eg, YOUR name) []: <-- fransiskus

Email Address []: <-- [email protected]

32. After that change the permission on pure-ftpd.pem.

chmod 600 /etc/ssl/private/pure-ftpd.pem

Chmod used is 600 so the owner can read and write on the file.

33. Restart pureftpd service.

service pure-ftpd-mysql restart

34. The next step is to edit the configuration file in fstab.

nano /etc/fstab

And add configuration to set the quota limit of each user and group in the file system / thing that need to be added is in fstab configuration is 22

/ext4./dev/sda1 / ext4 defaults, noatime, usrjquota = quota.user, grpjquota = quota.group, jqfmt = vfsv0 0 1 / dev / sda5 none swap sw 0 0s

35. Then remount the / directory.

mount -o remount /

And turn on the qouta limit on all users and groups.

quotaon -avug

36. Install bind dns.

apt-get install bind9 dnsutils haveged

37. Install vlogger, webalizer and awstats.

apt-get install vlogger webalizer awstats geoip-database libclass-dbi- mysql-perl

38. Edit the Configuration File in the directory in/etc/cron.d/awstats.

nano /etc/cron.d/awstats

then uncomment all configurations within awstats.

#MAILTO=root

#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh

# Generate static reports:

#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh

This configuration is done so that the update.sh and buildstatic.sh files are not backed up. If not tagged then the update.sh file will be backed up every 10 minutes and buildstatic will be backed up every 10 minutes once 23

and 3 hours once This configuration is also used to enable status in ISP config..

39. Install the software needed to install jailkit.

apt-get install build-essential autoconf automake1.11 libtool flex bison debhelper binutils

40. Then go to the tmp directory and then download jailkit with wget. http://olivier.sessink.nl/jailkit/jailkit-2.19.tar.gz.

cd /tmp

wget http://olivier.sessink.nl/jailkit/jailkit-2.19.tar.gz

41. Extract the downloaded jailkit file and then go to the extracted jailkit folder.

tar xvfz jailkit-2.19.tar.gz

cd jailkit-2.19

42. Then execute on the debian / rules binary directory.

./debian/rules binary

43. After that return to direktory / tmp.

cd ..

44. The next step is to install jailkit.

dpkg -i jailkit_2.19-1_*.deb

The jailkit itself is used to restrict user accounts to certain files by using chroot.

45. Install fail2ban.

apt-get install fail2ban 24

Fail2ban is used to provide a rule like in IP Tables to perform a banned against failure in accessing the website.

46. Then create a new config file named jail.local in / etc / fail2ban / directory.

nano /etc/fail2ban/jail.local

The configuration content of jail.local is :

[pureftpd]

enabled =true

port =ftp

filter =pureftpd

logpath =var/log/syslog

maxretry =3

[dovecot-pop3imap]

enabled =true

filter =dovecot-pop3imap

action =iptables-multiport[name=dovecot- pop3imap,port="pop3,pop3s,imap,imaps",protocol=tcp]

logpath =/var/log/mail.log

maxretry =5

[postfix-sasl]

enabled =true

port =smtp

filter =postfix-sasl 25

logpath =/var/log/mail.log

maxretry = 3

This configuration is useful for enabling FTP, postfix, and dovecot. And configured it also set the IMAP and POP 3 ports on dovecot. And every file transfer and send email using POP3 and IMAP to be saved through log file.

47. After that create a new configuration file named pureftpd.conf in /etc/fail2ban/filter.d/ directory.

nano /etc/fail2ban/filter.d/pureftpd.conf

The contents of the configuration file is :

[Definition] failregex =.*pure-ftpd:(.*@[WARNING Authentication failed for user.* ignoreregex =

Configuration is useful for filtering any existing user such as if user and passsword are not appropriate then it will not be able to login via FTP server.

48. Then create a new configuration file named dovecot-pop3imap.conf in the /etc/fail2ban/filter.d/ directory

nano /etc/fail2ban/filter.d/dovecot-pop3imap.conf

The contents of the configuration file is :

[Definition]

failregex = (?: pop3-login|imap-login): .*(?:Authentication failure| Aborted login (auth failed|Aborted login (tried to use disabled| Disconnected (auth failed|Aborted login (d+ authentication attempts).*rip=(?PS*),.* 26

ignoreregex =

Configuration is useful for filtering every user who will login in the mail server as an example if the user and passsword does not match then it will not be able to login in the mail server.

49. The next step is to change the configuration in /etc/fail2ban/filter.d/postfix-sasl.conf to ignoreregex.

echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf

This configuration is done to add the line ignoreregex is missing on the file postfix-sasl.

50. Restart Fail2ban2 service.

service fail2ban restart

51. Install Roundcube Web Mail.

apt-get install roundcube roundcube-core roundcube-mysql roundcube-plugins roundcube-plugins-extra javascript-common libjs- jquery-mousewheel php-net-sieve tinymce

52. Configure Mysql password for roundcube web mail. This configuration is useful for making connections between databases with roundcube web mail. 27

Illustration 5.10 Display To Enter Mysql Password On Roundcube 53. Edit the roundcube.conf configuration file in the / etc / apache2 / conf- enabled / directory.

nano /etc/apache2/conf-enabled/roundcube.conf

Uncomment on the third line and add AddType application / x-httpd- php.php in the configuration under the deleted configuration

Alias /webmail /var/lib/roundcube

AddType application/x-httpd-php .php

This configuration aims to roundube web mail can be accessed by web broswer.

54. Edit config.inc.php config file in / etc / roundcube / directory.

nano /etc/roundcube/config.inc.php

then fill in $ config ['default_host'] = ''; with localhost

$config['default_host'] = 'localhost';

This configuration is useful for roundcube web mail can be accessed via LAN network. 28

55. Restart Apache2 service.

service apache2 restart

56. Download file isp config in directory tmp

wget -O ispconfig.tar.gz https://git.ispconfig.org/ispconfig/ispconfig3/repository/archive.tar.gz? ref=stable-3.1

57. After that the extracted ispconfig file has been downloaded.

tar xfz ispconfig.tar.gz

58. Then go to the directory / ispconfigs / install.

cd ispconfig3*/install/

59. After that run ISP config installation file.

php -q install.php

60. Then fill in the language used to install ispconfig, installation mode, mysql hostname, mysql port, mysq; username, mysql password, database, mysql charset, and fill ssl already created.

Select language (en,de) [en]: en

Installation mode (standard,expert) [standard]: standard

Full qualified hostname (FQDN) of the server, eg server1.domain.tld [fransiskus]: fransiskus

MySQL server hostname [localhost]: localhost

MySQL server port [3306]: 3306

MySQL root username [root]: root

MySQL root password []: 12345

MySQL database to create [dbispconfig]: dbispconfig 29

MySQL charset [utf8]: utf8

Configuring Postgrey

Configuring Postfix

Generating a 4096 bit RSA private key ...... ++

...... ++ writing new private key to 'smtpd.key'

-----

You are about to be asked to enter information that will be incorporated into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]: ID

State or Province Name (full name) [Some-State]: Jawa Tengah

Locality Name (eg, city) []: Semarang

Organization Name (eg, company) [Internet Widgits Pty Ltd]: Quantum

Organizational Unit Name (eg, section) []: Quantum 30

Common Name (e.g. server FQDN or YOUR name) []: fransiskus

Email Address []: [email protected]

61. After that fill in the port used to open ispconfignya and also fill in the password to login to ispconfig and re-fill the ssl to be created.

Configuring Getmail

Configuring BIND

Configuring Jailkit

Configuring Pureftpd

Configuring Apache

Configuring vlogger

Configuring Metronome XMPP Server

Configuring Ubuntu Firewall

Configuring Fail2ban

[INFO] service OpenVZ not detected

Configuring Apps vhost

Installing ISPConfig

ISPConfig Port [8080]: 8080

Admin password [admin]: admin

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: y

Generating RSA private key, 4096 bit long modulus

...... ++

...... ++ 31

e is 65537 (0x10001)

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]: ID

State or Province Name (full name) [Some-State]: Jawa Tengah

Locality Name (eg, city) []: Semarang

Organization Name (eg, company) [Internet Widgits Pty Ltd]: Quantum

Organizational Unit Name (eg, section) []: Quantum

Common Name (e.g. server FQDN or YOUR name) []: fransiskus

Email Address []: [email protected]

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []: 12345

An optional company name []: quantum

writing RSA key

62. Wait until the installation process is complete. 32

Configuring DBServer

Installing ISPConfig crontab

no crontab for root

no crontab for getmail

Detect IP addresses

Restarting services ...

Installation completed.

63. After that update user in mysql

echo "update user set plugin='' where User='root';" | mysql -root -p mysql

This configuration is required for existing users in the database to be updated.

64. Then sync ispconfig with server

sync

This configuration is required for ISP config to be accessible in the web broswer.

65. Then restart the computer

reboot

66. Open the web broswer with https: // ipaddress: 8080 to make sure ispconfig has been successfully installed. 33

Illustration 5.11 Homepage ISP Config. Create Clients

1. Login first to the ISP Config page.

Illustration 5.12 Login To ISP Config. 2. The next step is to click on the clients menu. After that click add new client to add client. 34

Illustration 5.13 Menu Clients 3. After that fill the client data. The data that needs to be filled is the company name, title, first name on contact, contact name, passsword, and email.

Illustration 5.14 Fill Clients Data. 35

Illustration 5.15 Fill E-mail Clients. 4. Then click on save to add new client.

Illustration 5.16 Save Clients. 36

Illustration 5.17 Display After Client Successfully Created.

Create Web Hosting

1. Click on the sites menu then click a new websites.

Illustration 5.18 Display To Create A Website. 2. Then select the server used, select the client that has been created, select the ip address used on the server computer, fill in the desired website name then click save to save the name of the website. 37

Illustration 5.19 Display To Fill Website Name. 3. Click on DNS then click add new DNS zone with wizard. This configuration is required so that the name of websites that have been created can be accessed through web broswer with domain asdf.net.

Illustration 5.20 Menu DNS. 4. Then select the server name, select the client used to create the website, the contents of the domain in accordance with the name of the website that has been created, select ip address for the server, fill in NS 1 and NS2 with 38

ns1.namaserver and ns2.namaserver, and also fill email address user, then click save to save this dns configuration.

Illustration 5.21 DNS Configuration. 5. Setting the DNS IP belongs to the client computer. Filled in accordance with DNS IP Server to access domains that have been made in the ISP Config. 39

Illustration 5.22 IP DNS Configuration. 6. After that try domain website that has been made in web broswer. If it is successful then it will appear welcome to your website. 40

Illustration 5.23 Displays Websites That Have Been Created.

7. The next step is to click back on the menu sites then click on sub menu FTP-accounts, then click add new FTP-User.

Illustration 5.24 Submenu FTP Accounts. 8. Then select the name of websites that has been created, fill in the username and password that will be used to login, then click save. 41

Illustration 5.25 FTP Account Configuration. 9. The next step is to click on the sub menu of the database user and then click add new user to add a user database.

Illustration 5.26 Submenu Database User. 10. Then choose the client that will be used, enter the user name and password database, then click save to save database user that will be used to save database from website which have been prepared. 42

Illustration 5.27 Database User Configuration. 11. After that click on submenu database, then click add new database.

Illustration 5.28 Submenu Database. 12. Then select the name of the server used, select the name of the website to be used, select the database type, fill in the name of the database you want created, select the user database created, put the remote access, then click save. This configuration is required to create a database as a website storage that has been prepared. 43

Illustration 5.29 Database Configuration. 13. The next step is to open filezilla to upload website files from client to server.

Illustration 5.30 Filezilla. 14. Then fill in the hostname, username and password that have been created. For the hostname to be filled with the website name that has been created After that, click the quick connect to connect to the FTP server that was created in the ISP config. 44

Illustration 5.31 Login FTP Accounts. 15. After successfully connect to the FTP server the next step is to upload the website from the home directory to the directory / web / on the FTP server.

Illustration 5.32 FTP Server Upload Result. 45

16. The next step is to open a website that has been created as example asdf.net to web broswer, if successful upload file from server to client it will appear result from website already uploaded.

Illustration 5.33 Website Pageviews That Have Been Successfully Uploaded. Install WordPress on ISP config.

1. Select the language that will be used to install wordpress.

Illustration 5.34 Display To Select Installation Language. 46

2. Fill in the name of the database that has been created, username and password for the database, the contents of the database host with localhost, then click submit to continue installation.

Illustration 5.35 Display To Fill The Database To Be Used. 3. After that the contents of the title wordpress liking, fill in your username and password to login to your wordpress will be installed, enter the email address, then click install wordpress.

Illustration 5.36 Wordpress Configuration. 47

4. If the installation was successfully then it will appear the words succes and it appears the username and password information has been created.

Illustration 5.37 Display After WordPress Installed Successfully.

Illustration 5.38 Wordpress Pages That Are Already Installed. 5.2 Testing Testing in this project is trying to login to the page wordpress, add postings on wordpress, and display the results of articles that have been inputed. 48

Illustration 5.39 Page To Sign Into WordPress Account.

Illustration 5.40 Display After Login. 49

Illustration 5.41 Pages That Contain Articles That Have Been Created.

Illustration 5.42 Display To Add New Articles. 50

Illustration 5.43 Display Articles In The Wordpress Page.